19 matches found
RHEL 10 : yggdrasil (RHSA-2026:11375)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:11375 advisory. yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child worker...
PT-2026-32711
It was discovered that xdg-dbus-proxy incorrectly handled eavesdropping in policy rules. A local attacker could possibly use this issue to intercept certain D-Bus messages...
SUSE CVE-2023-3297
In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process...
Important: systemd
Issue Overview: It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINE_MAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the...
SUSE-SU-2020:0353-1 Security update for systemd
This update for systemd provides the following fixes: - CVE-2020-1712 (bsc#1162108): Fix a heap use-after-free vulnerability when asynchronous Polkit queries were performed while handling D-Bus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or...
systemd security and bug fix update
239-13.0.1.3 - fix netdev is missing for iscsi entry in /etc/fstab Orabug: 25897792 - set RemoveIPC=no in logind.conf as default for OL7.2 Orabug: 22224874 - allow dm remove ioctl to co-operate with UEK3 Vaughan Cao Orabug: 18467469 - add hv dynamic memory support Jerry...
EulerOS Virtualization 2.5.4 : systemd (EulerOS-SA-2019-1196)
According to the version of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - It was discovered that systemd allocates a buffer large enough to store the path field of a dbus message without performing enough...
EulerOS Virtualization 2.5.3 : systemd (EulerOS-SA-2019-1256)
According to the version of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - It was discovered that systemd allocates a buffer large enough to store the path field of a dbus message without performing enough...
DEBIAN-CVE-2019-6454
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to...
[ASA-201902-24] systemd: denial of service
Arch Linux Security Advisory ASA-201902-24. Severity: High; Date: 2019-02-21; CVE-ID: CVE-2019-6454; Package: systemd; Type: denial of service; Remote: No; Link: https://security.archlinux.org/AVG-906. Summary: The package systemd before version...
Denial Of Service (DoS)
libsystemd.so is vulnerable to denial of service. A local attacker is able to cause a kernel panic by sending a malicious DBUS message which would cause a stack-based buffer overflow in the function bus_process_object in bus-objects.c...
systemd security update
219-62.0.4 - do not create utmp update symlinks for reboot and poweroff Orabug: 27854896 - OL7 udev rule for virtio net standby interface Orabug: 28826743 - fix netdev is missing for iscsi entry in /etc/fstab Orabug: 25897792 - set 'RemoveIPC=no' in logind.conf as default fo...
Amazon Linux 2 : systemd (ALAS-2019-1164)
It was found that bus_process_object() in bus-objects.c allocates a buffer on the stack large enough to temporarily store the object path specified in the incoming message. A malicious unprivileged local user can send a message which results in the stack pointer moving outside of the bounds of the...
SUSE-SU-2019:0426-1 Security update for systemd
This update for systemd fixes the following issues: - CVE-2019-6454: Overlong DBUS messages could be used to crash systemd (bsc#1125352) - units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333) - logind: fix bad error propagation - login: log session state 'closing'...
Important: systemd
Issue Overview: It was found that bus_process_object() in bus-objects.c allocates a buffer on the stack large enough to temporarily store the object path specified in the incoming message. A malicious unprivileged local user can send a message which results in the stack pointer moving outside of the...
SUSE SLES11 Security Update : glib2 (SUSE-SU-2018:3966-1)
This update for glib2 fixes the following issues: Security issues fixed: CVE-2018-16429: Fixed out-of-bounds read vulnerability in g_markup_parse_context_parse() (bsc#1107116). Fixing potentially exploitable bugs in UTF-8 validation in Variant and DBUS message parsing (bsc#1111499). Note that Tenable Networ...
SUSE-SU-2018:3966-1 Security update for glib2
This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16429: Fixed out-of-bounds read vulnerability in g_markup_parse_context_parse() (bsc#1107116). - Fixing potentially exploitable bugs in UTF-8 validation in Variant and DBUS message parsing (bsc#1111499)...
glib/fuzz_dbus_message: Use-of-uninitialized-value in g_dbus_message_new_from_blob
Project: https://gitlab.gnome.org/GNOME/glib.git Detailed report: https://oss-fuzz.com/testcase?key=5649572817797120 Project: glib Fuzzer: libFuzzer_glib_fuzz_dbus_message Fuzz target binary: fuzz_dbus_message Job Type: libfuzzer_msan_glib Platform Id: linux Crash Type: Use-of-uninitialized-value Crash...
CVE-2012-2095
The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message...